Mon Mar 4 20:37:32 2024 UTC (79d)
certctl(8): Pacify formal POSIX sh syntax.

According to POSIX 2018, the syntax between `then' and `elif' and
`fi' must be a _non-empty_ list of commands:

compound_list    : linebreak term
                 | linebreak term separator
                 ;
...
if_clause        : If compound_list Then compound_list else_part Fi
                 | If compound_list Then compound_list           Fi
                 ;
else_part        : Elif compound_list Then compound_list
                 | Elif compound_list Then compound_list else_part
                 | Else compound_list
                 ;

https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_10_02

NetBSD's sh(1) currently doesn't enforce this and allows an empty
sequence of commands, but let's not rely on that nonstandard quirk.

Noted in PR 57997.


(riastradh)
diff -r1.6 -r1.7 src/usr.sbin/certctl/certctl.sh
cvs diff -r1.6 -r1.7 src/usr.sbin/certctl/certctl.sh (expand / switch to unified diff)

--- src/usr.sbin/certctl/certctl.sh 2024/03/03 15:53:55 1.6
+++ src/usr.sbin/certctl/certctl.sh 2024/03/04 20:37:31 1.7
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1#!/bin/sh 1#!/bin/sh
2 2
3# $NetBSD: certctl.sh,v 1.6 2024/03/03 15:53:55 riastradh Exp $ 3# $NetBSD: certctl.sh,v 1.7 2024/03/04 20:37:31 riastradh Exp $
4# 4#
5# Copyright (c) 2023 The NetBSD Foundation, Inc. 5# Copyright (c) 2023 The NetBSD Foundation, Inc.
6# All rights reserved. 6# All rights reserved.
7# 7#
8# Redistribution and use in source and binary forms, with or without 8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions 9# modification, are permitted provided that the following conditions
10# are met: 10# are met:
11# 1. Redistributions of source code must retain the above copyright 11# 1. Redistributions of source code must retain the above copyright
12# notice, this list of conditions and the following disclaimer. 12# notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright 13# 2. Redistributions in binary form must reproduce the above copyright
14# notice, this list of conditions and the following disclaimer in the 14# notice, this list of conditions and the following disclaimer in the
15# documentation and/or other materials provided with the distribution. 15# documentation and/or other materials provided with the distribution.
16# 16#
@@ -430,26 +430,27 @@ rehash() @@ -430,26 +430,27 @@ rehash()
430 if [ -f "$certsdir/.certctl" ]; then 430 if [ -f "$certsdir/.certctl" ]; then
431 # Directory exists and is managed by certctl(8). 431 # Directory exists and is managed by certctl(8).
432 # Safe to delete it and everything in it. 432 # Safe to delete it and everything in it.
433 run rm -rf -- "$certsdir" 433 run rm -rf -- "$certsdir"
434 elif [ -h "$certsdir" ]; then 434 elif [ -h "$certsdir" ]; then
435 # Paranoia: refuse to chase a symlink. (Caveat: this 435 # Paranoia: refuse to chase a symlink. (Caveat: this
436 # is not secure against an adversary who can recreate 436 # is not secure against an adversary who can recreate
437 # the symlink at any time. Just a helpful check for 437 # the symlink at any time. Just a helpful check for
438 # mistakes.) 438 # mistakes.)
439 error "certificates directory is a symlink" 439 error "certificates directory is a symlink"
440 return 1 440 return 1
441 elif [ ! -e "$certsdir" ]; then 441 elif [ ! -e "$certsdir" ]; then
442 # Directory doesn't exist at all. Nothing to do! 442 # Directory doesn't exist at all. Nothing to do!
 443 :
443 elif [ ! -d "$certsdir" ]; then 444 elif [ ! -d "$certsdir" ]; then
444 error "certificates directory is not a directory" 445 error "certificates directory is not a directory"
445 return 1 446 return 1
446 elif ! find -f "$certsdir" -- -maxdepth 0 -type d -empty -exit 1; then 447 elif ! find -f "$certsdir" -- -maxdepth 0 -type d -empty -exit 1; then
447 # certsdir exists, is a directory, and is empty. Safe 448 # certsdir exists, is a directory, and is empty. Safe
448 # to delete it with rmdir and take it over. 449 # to delete it with rmdir and take it over.
449 run rmdir -- "$certsdir" 450 run rmdir -- "$certsdir"
450 else 451 else
451 error "existing certificates; set manual or move them" 452 error "existing certificates; set manual or move them"
452 return 1 453 return 1
453 fi 454 fi
454 run mkdir -- "$certsdir" 455 run mkdir -- "$certsdir"
455 if $vflag; then 456 if $vflag; then